Add the --creation-time argument to sq key adopt.

- Add an argument to `sq key adopt`, `--creation_time`, to allow the user to override the key's creation time.
2024-09-26 12:47:19 +02:00 · 2024-09-26 12:47:19 +02:00 · 6451e0416f
commit 6451e0416f
parent 33dc4a1b41
4 changed files with 74 additions and 1 deletions
--- a/2
+++ b/2
@ -11,6 +11,8 @@
   - `sq key adopt` add options (`--can-`--can-sign`, `--cannot-sign`,
     `--can-authenticate`, `--cannot-authenticate`, `--can-encrypt`,
     `--cannot-encrypt`) to allow overriding the key flags.
+   - `sq key adopt` now accepts the options `--creation-time` to allow
+     the user to override the key's creation time.
 * Changes in 0.38.0
 ** Notable changes
   - New subcommand `sq key subkey delete` to delete secret key
--- a/src/cli/key.rs
+++ b/src/cli/key.rs
@ -697,6 +697,18 @@ pub struct AdoptCommand {
        help = "Add the key or subkey KEY to the certificate",
    )]
    pub key: Vec<KeyHandle>,
+    #[clap(
+        long,
+        value_name = "CREATION_TIME",
+        help = "Make adopted subkeys have the specified creation time",
+        long_help = "\
+Make adopted subkeys have the specified creation time.
+
+Normally, the key's creation time is preserved.  This option allows \
+setting the key's creation time to a specified value.  Note: changing \
+the key's creation time also changes its fingerprint.",
+    )]
+    pub creation_time: Option<Time>,
    #[clap(
        long,
        value_name = "EXPIRATION",
--- a/src/commands/key/adopt.rs
+++ b/src/commands/key/adopt.rs
@ -146,7 +146,14 @@ pub fn adopt(sq: Sq, mut command: cli::key::AdoptCommand) -> Result<()>
                Err(err) => return (kh, Err(err)),
            };

-            let key = key.key().clone().role_into_subordinate();
+            let mut key = key.key().clone().role_into_subordinate();
+
+            if let Some(creation_time) = &command.creation_time {
+                match key.set_creation_time(creation_time.clone()) {
+                    Ok(_) => (),
+                    Err(err) => return (kh, Err(err)),
+                }
+            }

            (kh, Ok((cert, key, builder)))
        })
--- a/tests/integration/sq_key_adopt.rs
+++ b/tests/integration/sq_key_adopt.rs
@ -9,6 +9,7 @@ use openpgp::Fingerprint;
 use openpgp::KeyHandle;
 use openpgp::Result;
 use openpgp::cert::prelude::*;
+use openpgp::parse::Parse;
 use openpgp::policy::StandardPolicy;
 use openpgp::types::KeyFlags;

@ -698,3 +699,54 @@ fn adopt_bare() -> Result<()> {

    Ok(())
 }
+
+// Check that we can set the key creation time.
+#[test]
+fn key_creation_time() -> Result<()> {
+    let sq = Sq::new();
+
+    sq.key_import(alice());
+
+    let alice2_pgp = sq.scratch_file("alice2.pgp");
+
+    let to_adopt = bare_signing().0;
+
+    // $ date --iso-8601=seconds --utc --date='@1577483647'
+    // 2019-12-27T21:54:07+00:00
+    let time = 1577483647;
+    let time = std::time::UNIX_EPOCH + std::time::Duration::new(time, 0);
+    let time_str = "2019-12-27T21:54:07+00:00";
+
+    let bare_file = bare();
+    let bare = Cert::from_file(&bare_file).expect("can read file");
+
+    let cert = sq.key_adopt(
+        &["--can-encrypt", "universal", "--creation-time", time_str ],
+        vec![ bare_file ],
+        alice_primary().0,
+        vec![ to_adopt.clone() ],
+        &alice2_pgp);
+
+    let mut found = false;
+    for k in cert.keys() {
+        let was_adopted = k.mpis() == bare.primary_key().mpis();
+
+        eprintln!("{}: {:?}{}",
+                  k.fingerprint(),
+                  k.creation_time(),
+                  if was_adopted {
+                      " (adopted)"
+                  } else {
+                      ""
+                  });
+        if was_adopted {
+            assert_eq!(k.creation_time(), time);
+            found = true;
+        }
+    }
+    if ! found {
+        panic!("{} was not adopted", to_adopt);
+    }
+
+    Ok(())
+}